How to Use theHarvester?

theHarvester: This tool gathers emails, subdomains, hosts, employee names, open ports, and banners from different public sources such as search engines, PGP key servers, and the SHODAN computer database as well as uses Google, Bing, SHODAN, etc. to extract valuable information from the target domain. This tool is intended to help ethical hackers and pen testers in the early stages of the security assessment to understand the organization’s footprint on the Internet. It is also useful for anyone who wants to know what organizational information is visible to an attacker.

We used Parrot Security machine,

1. A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.(have to use password)
2. Now, type cd and press Enter to jump to the root directory.

3. In the terminal window, type theHarvester -d microsoft.com -l 200 -b baidu and press Enter.

• In this command, -d specifies the domain or company name to search, -l specifies the number of results to be retrieved, and -b specifies the data source.

4. theHarvester starts extracting the details and displays them on the screen. You can see the email IDs related to the target company and target company hosts obtained from the Baidu source, as shown in the screenshot.

• Here, we specify Baidu search engine as a data source. You can specify different data sources (e.g., Baidu, bing, bingapi, dogpile, Google, GoogleCSE, Googleplus, Google-profiles, linkedin, pgp, twitter, vhost, virustotal, threatcrowd, crtsh, netcraft, yahoo, all) to gather information about the target.